On Thu, Apr 08, 2004 at 10:50:33AM +0000, Mark wrote:
> Purl Gurl (in alt.apache.configuration) wrote:
> 
> > tz wrote:

> >> Running Apache/1.3.27 (Unix) here.
> >
> > Excellent. Apache 1.3.27 is the best
> > version of all Apache releases. Next
> > two, .28 and .29 have some bugs.
> 
> Is this true? I very much doubt it. Since I recently upgraded to 1.3.29
> myself (on FreeBSD 4.9R-p3), it doesn't hurt to ask, though.

It's not in agreement with what it says on http://httpd.apache.org/.
apache-1.3.29 is a security release, as well as being a bug fix
release.

The Apache Software Foundation is not shy about admitting mistakes or
shortcomings: if they felt that an older release was substantially
better for most people to run, that information would be plastered all
over their front page.

There is a bug to do with mod_usertrack and the CookieName directive
which is a current issue in the latest versions of apache.  However,
it's something that will only affect a few apache users, and there's a
simple work-around.  It's not so significant they've produced a new
release right away, nor is it anything like as important as the buffer
overflow fixed with the release of 1.3.29, exploitation of which could
allow an attacker to DoS your server or even run arbitrary code upon
it.

        Cheers,

        Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK

Attachment: pgp00000.pgp
Description: PGP signature

Reply via email to